mirai | 6a2cee1d5692d5c3976e68d8e3b80f669f95ee3f6133aca7c9036fce05daea75 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

6a2cee1d5692d5c3976e68d8e3b80f669f95ee3f6133aca7c9036fce05daea75.elf
Size

45KB
Sample

240710-vwxmxssene
MD5

63d962b7db2ea4cd8ddadbe5c1aeb74b
SHA1

6dab277e69df2a231faa2d387d304e26b86ba5ea
SHA256

6a2cee1d5692d5c3976e68d8e3b80f669f95ee3f6133aca7c9036fce05daea75
SHA512

7768a8b2ec2c528d22e0c41b30c36c73cc9939b8b9641211b0a6da8bf1dffa340c927489b12a5761417a37cae1a61f5c48735ede042443741386fa2e8d5f0a5a
SSDEEP

768:Yk/rjSNwLGBs80WEJ5noXR83sjYQ9c8hwf8Se3WEmI3EV:Yk/rjSNwLGBzFE6kQHhwi3WbI3E

Score

10^/10

mirai botnet discovery linux rootkit

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

- Target
  
  6a2cee1d5692d5c3976e68d8e3b80f669f95ee3f6133aca7c9036fce05daea75.elf
- Size
  
  45KB
- MD5
  
  63d962b7db2ea4cd8ddadbe5c1aeb74b
- SHA1
  
  6dab277e69df2a231faa2d387d304e26b86ba5ea
- SHA256
  
  6a2cee1d5692d5c3976e68d8e3b80f669f95ee3f6133aca7c9036fce05daea75
- SHA512
  
  7768a8b2ec2c528d22e0c41b30c36c73cc9939b8b9641211b0a6da8bf1dffa340c927489b12a5761417a37cae1a61f5c48735ede042443741386fa2e8d5f0a5a
- SSDEEP
  
  768:Yk/rjSNwLGBs80WEJ5noXR83sjYQ9c8hwf8Se3WEmI3EV:Yk/rjSNwLGBzFE6kQHhwi3WbI3E
Score

9^/10

discovery rootkit
- Contacts a large (136430) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryrootkit